Clean Code

01-old/terraform/aws_iam/policy.tf

@@ -0,0 +1,74 @@
+locals {
+  services = {
+    "CloudWatch"	: "cloudwatch",
+    "CloudTrail"	: "cloudtrail",
+    "Logs"			: "logs",
+	"S3"			: "s3",
+	"Ec2"			: "ec2",
+	"Sqs"			: "sqs"
+  }
+}
+
+resource "aws_iam_policy" "read_only" {
+  for_each = local.services
+
+  name   = "${each.key}_ReadOnly_Access"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "${each.value}:List*",
+          "${each.value}:Get*",
+          "${each.value}:Describe*"
+        ],
+        Effect   = "Allow",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_policy" "full_access" {
+  for_each = local.services
+
+  name   = "${each.key}_Full_Access"
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = [
+          "${each.value}:*"
+        ],
+        Effect   = "Allow",
+        Resource = "*"
+      }
+    ]
+  })
+}
+
+resource "aws_iam_group" "read_only" {
+  for_each = local.services
+
+  name   = "${each.key}_ReadOnly_Access_Group"
+}
+
+resource "aws_iam_group_policy_attachment" "read_only" {
+  for_each = aws_iam_group.read_only
+
+  group      = each.value.name
+  policy_arn = aws_iam_policy.read_only[each.key].arn
+}
+
+resource "aws_iam_group" "full_access" {
+  for_each = local.services
+
+  name   = "${each.key}_Full_Access_Group"
+}
+
+resource "aws_iam_group_policy_attachment" "full_access" {
+  for_each = aws_iam_group.full_access
+
+  group      = each.value.name
+  policy_arn = aws_iam_policy.full_access[each.key].arn
+}